Migrate external IDPs from Custom Authentication to an authenticator Skip Navigation

Migrate external IDPs from Custom Authentication to an authenticator

When you sign in to the management console using an external identity provider (IDP) that is configured for custom authentication, you must sign in using the 'Or sign in with your External Identity Provider' link with your external IDP credentials.
BlackBerry
recommends that you configure your external IDP as an authenticator and use an authentication policy to sign in from the main sign in screen using your IDP credentials. Configuring your external IDP as an authenticator provides more granularity and flexibility in the authentication configuration.
To configure an external IDP to sign in to the management console from the main sign in screen, perform the following actions. For more information, see How Do I Migrate external IDPs from custom authentication to an authenticator.
If you configured your existing IDP as an authenticator before December 2023 and you want to allow users to directly access the
Cylance
console from the IDP user portal, see Enhanced authentication sign in.
Step
Action
Step 1
Step 2
Step 3
Configure the external IDP to communicate with Cylance Endpoint Security.
  • Record the custom authentication information
  • Configure the authenticator
Step 4
Manage authentication policies for your tenant that uses the authenticator that you created.
As a failsafe, create one user policy that only uses the
Cylance
console password and assign it to one administrator.
Step 5
Verify that the Allow Password Login check box (Settings > Application > Custom Authentication) is selected. This option allows you to log in to the console directly and use SSO. Enable this option to test your SSO settings without being locked out of the console.
Step 6
Step 7
(Optional) Disable Custom Authentication (Settings > Application).